‘EscortReviews.com’ Hacked and User Database Stolen

  • A female escort review platform has been hacked, and its user database was posted online.
  • People have had their usernames, email addresses, IP addresses, and discussions exposed.
  • Sextortionists are likely to seize on this set and run a mini-Ashley Madison blackmail operation.

The female escort reviewers community that hangs out on ‘EscortReviews.com’ is now breaking out in a cold sweat, as someone has hacked the site and stolen the vBulletin forum database. The dump has already been posted on hacker forums, exposing 2.4 million topic discussions, 12.5 million posts, and 472,695 members. This is a case of severe exposure, as many of these members prefer to keep their details private for reasons that are easy to understand.

Source: BleepingComputer

The database doesn’t necessarily contain real names, but this depends on how careful the users were when they registered. The exposed data includes usernames, email addresses, MD5 hashed passwords, IP addresses, and the optional birthday and Skype account IDs. So, depending on whether these usernames, email addresses, or Skype accounts contain part of a real name, the users will be dealing with a serious case of exposure. Also, MD5 isn’t considered a strong hashing algorithm nowadays, so the users should consider their passwords compromised too.
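For operators of legacy forums, the sketch below shows one way to stop storing fast MD5 hashes without forcing a password reset. It is an added example, not code from the site, vBulletin, or BleepingComputer; the legacy layout `md5(md5(password) + salt)`, the record fields, the scrypt parameters and the sample values are all assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values; tune them for your own hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password: str, salt: str) -> str:
    """Assumed legacy scheme: md5(md5(password) + salt), hex encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def wrap_legacy_hash(md5_hex: str) -> dict:
    """Offline migration: wrap the stored MD5 hash in scrypt. No plaintext
    is needed, so every row (and every future backup) loses its fast hash."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(md5_hex.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt(md5)", "salt": salt, "digest": digest}

def verify(password: str, legacy_salt: str, record: dict) -> bool:
    """Rebuild the key material for the record's scheme, compare in constant time."""
    if record["scheme"] == "scrypt":
        material = password
    else:
        material = legacy_md5(password, legacy_salt)
    candidate = hashlib.scrypt(material.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])

def rehash_on_login(password: str, legacy_salt: str, record: dict) -> dict:
    """On a successful login the plaintext is available, so drop MD5 entirely."""
    if not verify(password, legacy_salt, record):
        raise ValueError("bad credentials")
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt", "salt": salt, "digest": digest}

if __name__ == "__main__":
    # Constructed sample row; not taken from any real database.
    stored = legacy_md5("correct horse battery", "x7!")
    row = wrap_legacy_hash(stored)
    print(verify("correct horse battery", "x7!", row))  # wrapped hash still verifies
    row = rehash_on_login("correct horse battery", "x7!", row)
    print(row["scheme"])
```

The wrapping step covers dormant accounts that never log in again, which matters when the copy that leaks is an old backup.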

The stolen database may actually be a backup and not a live one, as the most recent data in it dates back to September 2018. This somewhat alleviates the severity of the breach, but not by much. BleepingComputer has reached out to random users in an attempt to validate that the published data is real, and those who returned the messages confirmed it.

The site has gone offline, and it is unknown if and when it will return. As for the vBulletin version that it ran at the time of the hack, that was 3.8.9, which was plagued by numerous well-documented vulnerabilities. vBulletin 3.x actually reached End of Life back in December 2017, with the last version being 3.8.11. In other words, the site was using a heavily outdated version of the forum software and didn’t even bother to apply the last update ever released for the deprecated branch.

If you are a member of this site, go ahead and reset your passwords on other platforms where you may be using the same credentials. If you receive any scam, phishing, or extortion emails, report them to the police and do not answer any of them. Giving in to the blackmail may seem like an “easy way” out of a dire situation, but it will only perpetuate the problem. Remember, this data wasn’t exposed to a closed group of actors, but to anyone out there, so accept it and don’t try to mitigate the risks by meeting extortion demands.
